MODULAR DIFFERENCE LOGIC IS HARD 



NIKOLAJ BJØRNER, ANDREAS BLASS, YURI GUREVICH,
AND MADAN MUSUVATHI



Abstract. In connection with machine arithmetic, we are interested
in systems of constraints of the form $x + k \le y + k'$. Over integers, the
satisfiability problem for such systems is polynomial time. The problem
becomes NP complete if we restrict attention to the residues for a fixed
modulus $N$.

1. Introduction 

The goal of this paper is to attract attention to the following problem:
Given a system S of inequalities, find out whether S is satisfiable in a given
machine arithmetic. We formalize a special case of the problem, in Section 3,
as the satisfiability problem for modular difference logic (MDL). MDL is a
variant of integer difference logic (IDL) described in Section 2. The IDL
satisfiability problem admits a simple and efficient decision procedure. It
turns out that the MDL satisfiability problem is infeasible (unless P=NP).

The MDL satisfiability problem is of particular relevance in the context
of program verification and analysis. Established program verification
environments [2] and abstract interpretation methods [6] have long relied on
arithmetic over integers or over real numbers for reasoning about programs,
and for a good reason. There are well known efficient methods for solving
the satisfiability of linear arithmetic constraints over the reals, such as
dual simplex or interior point methods. And integer constraints can be
approached by extending simplex with Gomory cuts and branching methods;
besides, important special cases, such as integer difference logic, admit
efficient procedures. So the use of integer or even real semantics is well
justified from the perspective of state of the art algorithms.

The obvious problem of course is that neither reals nor integers capture
the proper semantics of machine arithmetic. Modular arithmetic, on the
other hand, does capture machine arithmetic. Further, a system of difference
constraints can be satisfiable over any fixed modulus $> 1$ but unsatisfiable
over integers or reals, e.g. $0 < x$ and $x + 1 \le 0$. And a system of
difference constraints can be satisfiable over integers and over reals, but
unsatisfiable over a given modulus $N$, e.g. $x_0 < x_1 < \cdots < x_N$.

It follows that the common program analysis tools tend to rely on methods 
that are both unsound and incomplete with respect to the accurate program 
semantics. We prove here that the MDL satisfiability problem is NP hard
and thus the development of efficient tools for the MDL satisfiability problem 
is likely to be elusive. We also show that the problem is NP. The search for 
efficient methods for the MDL satisfiability problem is on. 

2. Integer difference logic 

Integer difference logic (IDL) is a fragment of linear arithmetic. IDL 
constraints have the form 

$x - y \le k$

where x,y are integer variables and k is an integer constant. A system of 
IDL constraints may or may not have a solution. For example, the constraint 
system 

$x_1 - x_2 \le -3$, $x_2 - x_3 \le 1$, $x_3 - x_4 \le -2$, $x_4 - x_1 \le 3$

is unsatisfiable, which can be established by adding the left and right-hand 
sides separately: 

$$0 = (x_1 - x_2) + (x_2 - x_3) + (x_3 - x_4) + (x_4 - x_1) \le -3 + 1 - 2 + 3 = -1.$$

The IDL constraint satisfiability problem (IDL-SAT) admits an efficient
decision procedure.

Proposition 1 ([7,1]). IDL-SAT is solvable in polynomial time. 

Some efficient procedures for IDL-SAT are based on the Floyd-Warshall
or Ford-Fulkerson style algorithms [H [HI [5]. IDL-SAT can be generalized
to octagon constraints $\pm x \pm y \le k$ while still retaining polynomial
time solvability [6].

For the reader's convenience, we prove here the proposition. Our proof is
based on the Floyd-Warshall algorithm.

Proof. Let $S$ be a system of IDL constraints. Without loss of generality, we
presume that, for every pair $(x, y)$ of variables there is at most one
constraint of the form $x - y \le k$. Extend $S$ with an additional variable
Sink adding constraints $x \le \mathrm{Sink}$ (that is
$x - \mathrm{Sink} \le 0$) for every original variable $x$; given any solution
for $S$, set Sink to the maximal value of the original variables to get a
solution of the extended system $S^+$.

We construct a weighted directed graph $G$ on the variables of $S^+$: every
constraint $x - y \le k$ gives rise to an edge from $x$ to $y$ of weight $k$.
In particular we have a weight-zero edge from any original variable $x$ to
Sink. If $G$ has a cycle of negative weight $-n$ that starts and ends at
vertex $x$ then an unsolvable constraint $x - x \le -n$ is obtained by adding
the inequalities from $S^+$ that gave rise to the edges in the cycle.

The polynomial-time Floyd-Warshall algorithm [U [8] finds out whether
$G$ has negative cycles. Furthermore, suppose that $G$ has no negative cycles.
Then the Floyd-Warshall algorithm computes the minimal weight $W(x, y)$
of any path from $x$ to $y$; if there is no path from $x$ to $y$ then
$W(x, y) = \infty$. This allows us to construct a solution $\mathcal{S}$ for
$S$.

Set $\mathcal{S}(\mathrm{Sink}) = 0$ and $\mathcal{S}(x) = W(x, \mathrm{Sink})$
for every variable $x$ in $S$. Every constraint $x - y \le k$ of $S$ is
satisfied. Indeed, by the minimality of $W$, we have
$W(x, \mathrm{Sink}) \le W(x, y) + W(y, \mathrm{Sink})$ and $W(x, y) \le k$.
Hence $\mathcal{S}(x) \le k + \mathcal{S}(y)$ and
$\mathcal{S}(x) - \mathcal{S}(y) \le k$. (Note that $W(x, \mathrm{Sink})$ is
the minimal weight of any path from $x$ on the original variables, so Sink is
not really needed.) □
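
The procedure from the proof above, as an added example (not code from the paper): a Floyd-Warshall pass over the constraint graph with the extra Sink vertex, which either reports a negative cycle or returns the solution $W(x, \mathrm{Sink})$. The function names and the relaxed second system are constructed for illustration.

```python
from itertools import product

INF = float("inf")

def solve_idl(constraints):
    """constraints: (x, y, k) triples meaning x - y <= k over the integers.
    Returns a satisfying assignment {variable: int}, or None if none exists."""
    sink = object()                      # fresh Sink vertex, as in the proof
    variables = sorted({v for x, y, _ in constraints for v in (x, y)})
    nodes = variables + [sink]
    W = {(a, b): 0 if a == b else INF for a, b in product(nodes, repeat=2)}
    for x, y, k in constraints:          # edge x -> y of weight k
        W[x, y] = min(W[x, y], k)        # keep the tightest bound per pair
    for x in variables:                  # x - Sink <= 0
        W[x, sink] = min(W[x, sink], 0)
    for m, a, b in product(nodes, repeat=3):   # m varies slowest (outer loop)
        W[a, b] = min(W[a, b], W[a, m] + W[m, b])
    if any(W[a, a] < 0 for a in nodes):  # negative cycle: x - x <= -n
        return None
    return {x: W[x, sink] for x in variables}

def check(constraints, sol):
    """True if the assignment satisfies every x - y <= k."""
    return all(sol[x] - sol[y] <= k for x, y, k in constraints)

# The unsatisfiable system from Section 2 (cycle weight -1).
PAPER_SYSTEM = [("x1", "x2", -3), ("x2", "x3", 1),
                ("x3", "x4", -2), ("x4", "x1", 3)]
# Constructed variant: last bound relaxed to 4, so the cycle weight becomes 0.
RELAXED_SYSTEM = PAPER_SYSTEM[:3] + [("x4", "x1", 4)]

if __name__ == "__main__":
    print(solve_idl(PAPER_SYSTEM))
    print(solve_idl(RELAXED_SYSTEM))
```
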

But integer difference logic cannot be directly used when reasoning about 
constraints coming from machine arithmetic because machine arithmetic 
uses modular addition. The question thus arises what is the complexity of 
the constraint satisfiability problem in the case of modular arithmetic? We 
establish here that the problem is NP complete. 

3. Modular difference logic 

Modular difference logic (MDL) is similar to integer difference logic except
that integers are replaced with residues $0, 1, \ldots, N - 1$ modulo a fixed
positive integer $N$. The residues are ordered in the obvious way; the maximal
residue is $N - 1$.

Instead of restricting attention to the residues, it may be beneficial to
work, modulo $N$, with arbitrary integers, and we will often do that. But
one should be careful not to confuse (a) the standard integer order $\le$ and
(b) another relation on integers, which we call $\le_N$ and will define
shortly, that reflects the order of the residues. Each integer $i$ is equal
modulo $N$ to a unique residue $i_N$. Define $i \le_N j$ if $i_N \le j_N$.
Relations $=_N$, $\ge_N$, $<_N$, $>_N$ are defined accordingly. These
definitions precisely match the semantics of comparison operations supported
by current hardware architectures for machine arithmetic.

In the case of integers, a constraint $x - y \le k$ is equivalent to constraint
$x \le y + k$. This is not necessarily true in modular arithmetic. For example
$9 - 5 \le_{10} 5$ but $9 \not\le_{10} 5 + 5$. Similarly $x + 1 \le_N y$ is not
necessarily equivalent to $x \le_N y - 1$. For example,
$5 \le_{10} 0 - 1 =_{10} 9$ but $5 + 1 >_{10} 0$.

We define MDL constraints to have the form

(1) $x + k \le_N y + \ell$

where $x, y$ are variables and $k, \ell$ are constants. The MDL Satisfiability
Problem (MDL-SAT) is the satisfiability problem for systems of MDL constraints.
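
An added example (not from the paper) that makes the gap between integer and modular semantics concrete: a brute-force checker for tiny moduli, applied to the two systems from the Introduction and to the numeric examples above. The helper names and the small moduli are assumptions chosen so that exhaustive search is feasible.

```python
from itertools import product

def holds(a, b, N, strict=False):
    """a <=_N b (or a <_N b if strict): compare the residues modulo N."""
    return a % N < b % N if strict else a % N <= b % N

def mdl_solutions(constraints, variables, N):
    """All residue assignments satisfying every (x, k, y, l, strict), read as
    x + k <=_N y + l (or <_N). A side given as None is the constant 0."""
    found = []
    for values in product(range(N), repeat=len(variables)):
        env = dict(zip(variables, values))
        val = lambda t: 0 if t is None else env[t]
        if all(holds(val(x) + k, val(y) + l, N, s)
               for x, k, y, l, s in constraints):
            found.append(env)
    return found

def wrap_system():
    """0 < x and x + 1 <= 0: unsatisfiable over the integers, but x = N - 1
    wraps to 0 and satisfies it modulo N."""
    return [(None, 0, "x", 0, True), ("x", 1, None, 0, False)]

def chain_system(N):
    """x0 < x1 < ... < xN: satisfiable over the integers, but it needs
    N + 1 distinct values and only N residues exist."""
    names = [f"x{i}" for i in range(N + 1)]
    return names, [(a, 0, b, 0, True) for a, b in zip(names, names[1:])]

if __name__ == "__main__":
    print(mdl_solutions(wrap_system(), ["x"], 8))      # constructed N = 8
    names, chain = chain_system(3)                     # constructed N = 3
    print(mdl_solutions(chain, names, 3))
    # Moving a constant across the comparison is not sound modulo 10:
    print(holds(9 - 5, 5, 10), holds(9, 5 + 5, 10))
    print(holds(5, 0 - 1, 10), holds(5 + 1, 0, 10))
```
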

Remark 1. From the point of view of logic, modular difference logic is a
fragment of the first-order theory $T$ of discrete linear order with both ends
(and two constants for the two ends) and with the cyclic successor and
predecessor function. The two constants could be called Min and Max. The
successor of Max is Min, and the predecessor of Min is Max. The question
arises what is $x + k$? This depends on the sign of $k$. If $k \ge 0$ then
$x + k$ is the result of $k$-fold application of the successor function to $x$;
otherwise $x + k$ is the result of $|k|$-fold application of the predecessor
function. The residues modulo $N$ form a model of $T$ where Min $= 0$ and
Max $= N - 1$. There are also infinite models of $T$. One of them can be
obtained by reordering the integers as follows:

$0 < 1 < 2 < 3 < \cdots < -3 < -2 < -1$.

This order is reminiscent of the order $\le_N$, where $-1$ is also the maximal
element.

It is known (and not hard to check, by means of an Ehrenfeucht-Fraïssé
game [3]) that, for every first-order sentence $\varphi$ in the language of
$T$, there is a natural number $n$, such that $\varphi$ does not distinguish
between any two models of $T$ of size $\ge n$. It follows that all infinite
models of $T$ are elementarily equivalent. In that sense, one may speak about
the infinite model of $T$.

We are interested primarily in the case of a modulus N that is large. 
From the point of view of logic, we can as well work with the infinite model 
of T. Every constraint-satisfaction problem for MDL can be formulated as 
an existential sentence in the language of T. □ 

4. MDL-SAT is NP hard

We now establish that a very modest fragment of MDL-SAT is NP hard. 

Theorem 2. Suppose that $N \ge 4$. Then the fragment of MDL-SAT with
constraints of the form

(2) $x + 1 \le_N y$ or $x \le_N y - 1$

is NP hard.

Proof. Given a graph $G$, we construct a system of MDL constraints that
is satisfiable if and only if the graph is 3-colorable. It will be convenient
to assume that the vertices of $G$ are linearly ordered. This allows us to
represent edges as ordered pairs $(v, w)$ where $v < w$.

With every vertex $v$ of $G$ we associate three variables $v_0$, $v_1$, and
$v_2$ and three constraints

    $v_0 + 1 \le_N v_1$,
(3) $v_1 + 1 \le_N v_2$,
    $v_2 + 1 \le_N v_0$.

One consequence of constraints (3) is that at least one of the three
variables takes the maximal value $N - 1$. With each edge $e = (v, w)$ we
associate six variables $e_0, e_1, e_2, f_0, f_1, f_2$ and nine constraints:
three constraints

    $v_c \le_N e_c - 1$,
(4) $w_c \le_N f_c - 1$,
    $f_c + 1 \le_N e_c$

for each $c = 0, 1, 2$. One consequence of the three constraints (4) is that
residues $v_c$ and $w_c$ cannot simultaneously have the maximal value $N - 1$.
Indeed, if $v_c = w_c = N - 1$ then, by the first and second constraints,
$e_c = f_c = 0$, which contradicts the third constraint. If all the constraints
are satisfied then we have a 3-coloring for $G$: the color of a vertex $v$ is
the first number $c$ such that $v_c = N - 1$. By (3), every vertex has a unique
color. By (4), no two adjacent vertices have the same color.

Now we suppose that $G$ is 3-colorable (with colors 0, 1, 2) and prove that
the constraint system is satisfiable. For every color $c$ and every vertex $v$
of color $c$, set

$v_c = N - 1$, $v_{c+1} = 0$, $v_{c+2} = 1$,

where addition in the subscripts is modulo 3. Clearly all inequalities (3) are
satisfied. Now consider an edge $e = (v, w)$ and a color $c$. We show how to
satisfy the three constraints (4).

Case 1: $c$ is the color of $v$, so that $v_c = N - 1$. Since $w$ does not have
color $c$, we have $w_c \in \{0, 1\}$. To satisfy the first of the three
constraints, set $e_c = 0$. To satisfy the third constraint, set
$f_c = N - 1$. The second constraint is satisfied as well:
$w_c \le 1 \le N - 2$.

Case 2: $c$ is the color of $w$, so that $w_c = N - 1$ and
$v_c \in \{0, 1\}$. To satisfy the second constraint, set $f_c = 0$. To satisfy
the first and third constraints, set $e_c = 2$.

Case 3: neither $v$ nor $w$ is of color $c$, so that both $v_c$ and $w_c$ are
$\le 1$. Set $f_c = 2$ and $e_c = 3$. □
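
The reduction above, as an added example (not code from the paper): it builds constraints (3) and (4) for a graph, constructs the assignment of Cases 1 to 3 from a coloring, reads a coloring back from a solution, and checks exhaustively that the edge gadget rejects $v_c = w_c = N - 1$. The variable encoding, function names and the sample graph are constructed for illustration.

```python
def le(a, b, N):
    return a % N <= b % N                      # a <=_N b on residues

def reduction(vertices, edges):
    """Theorem 2 system as tuples (x, k, y, l), read as x + k <=_N y + l."""
    cons = [((v, c), 1, (v, (c + 1) % 3), 0)   # constraints (3)
            for v in vertices for c in range(3)]
    for v, w in edges:                         # constraints (4)
        for c in range(3):
            e, f = ("e", v, w, c), ("f", v, w, c)
            cons += [((v, c), 0, e, -1), ((w, c), 0, f, -1), (f, 1, e, 0)]
    return cons

def from_coloring(vertices, edges, color, N):
    """Assignment built as in the second half of the proof."""
    val = {}
    for v in vertices:
        c = color[v]
        val[v, c], val[v, (c + 1) % 3], val[v, (c + 2) % 3] = N - 1, 0, 1
    for v, w in edges:
        for c in range(3):
            if color[v] == c:
                e, f = 0, N - 1                # Case 1
            elif color[w] == c:
                e, f = 2, 0                    # Case 2
            else:
                e, f = 3, 2                    # Case 3
            val["e", v, w, c], val["f", v, w, c] = e, f
    return val

def satisfied(cons, val, N):
    return all(le(val[x] + k, val[y] + l, N) for x, k, y, l in cons)

def to_coloring(vertices, val, N):
    """Color of v is the first c with v_c = N - 1 (first half of the proof)."""
    return {v: next(c for c in range(3) if val[v, c] == N - 1)
            for v in vertices}

def clash_is_blocked(N):
    """With v_c = w_c = N - 1, no residues e_c, f_c satisfy constraints (4)."""
    return not any(le(N - 1, e - 1, N) and le(N - 1, f - 1, N)
                   and le(f + 1, e, N)
                   for e in range(N) for f in range(N))

# Constructed sample: a triangle with a pendant vertex, properly 3-colored.
VERTICES, EDGES = [0, 1, 2, 3], [(0, 1), (0, 2), (1, 2), (2, 3)]
COLORING = {0: 0, 1: 1, 2: 2, 3: 0}
```
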

Remark 2. One may be interested in the variant of MDL-SAT where the
modulus $N$ is not fixed but is a part of the input. Theorem 2 and its proof
remain valid.

5. Strict Inequalities 

Over integers, a non-strict inequality $x - y \le k$ is equivalent to a strict
inequality $x - y < k + 1$. The relation between non-strict and strict
inequalities is much more subtle in modular arithmetic. With this in mind,
we prove a version of Theorem 2 with strict inequalities.

Theorem 3. Suppose that $N \ge 9$. Then the fragment of the modified MDL-SAT
with constraints of the form

$x + k <_N y + \ell$

is NP hard.

In fact, we will use only values 0, 1, 2 for $k$ and only values 0, 1, $-1$
for $\ell$.

Proof. The proof is again by reduction from the 3-colorability problem, and
it is similar to the proof of Theorem 2. Constraints (3) are replaced with
constraints

    $v_0 + 2 <_N v_1$,
(5) $v_1 + 2 <_N v_2$,
    $v_2 + 2 <_N v_0$,

and constraints (4) are replaced with constraints

    $v_c <_N e_c - 1$,
(6) $w_c <_N f_c - 1$,
    $f_c + 1 <_N e_c + 1$.

For each vertex $v$, constraints (5) force at least one of the three residues
$v_c$ to be $\ge N - 2$. The idea is that when $v_c$ has value $\ge N - 2$,
then $c$ is an acceptable color for $v$. Constraints (6) imply that residues
$v_c$ and $w_c$ cannot be simultaneously $\ge N - 2$. Indeed, by the first of
the three constraints, $v_c$ cannot have the maximal value $N - 1$, and if
$v_c = N - 2$ then $e_c = 0$. Similarly, $w_c \ne N - 1$, and if
$w_c = N - 2$ then $f_c = 0$. If $v_c = w_c = N - 2$ then $e_c = f_c = 0$ and
then the third inequality fails. Thus, any solution of the new system of
constraints yields a 3-coloring of $G$.

In the other direction, we need to convert a given 3-coloring of $G$ into a
solution for the constraint system. For every color $c$ and every vertex $v$
of color $c$, we set

$v_c = N - 2$, $v_{c+1} = 1$, $v_{c+2} = 4$.

Clearly (5) is satisfied. Now consider an edge $e = (v, w)$ and a color $c$. We
show how to satisfy the three constraints (6). As in the proof of Theorem 2,
we consider three cases.

Case 1: $c$ is the color of $v$, so that $v_c = N - 2$ and
$w_c \in \{1, 4\}$. To satisfy the first constraint, set $e_c = 0$. To satisfy
the third constraint, set $f_c = N - 1$. The second constraint is satisfied as
$w_c \le 4 < N - 2 = f_c - 1$.

Case 2: $c$ is the color of $w$ so that $w_c = N - 2$ and
$v_c \in \{1, 4\}$. Set $e_c = 6$ and $f_c = 0$. Clearly (6) is satisfied.

Case 3: Neither $v$ nor $w$ is of color $c$ so that both $v_c$ and $w_c$ are
in $\{1, 4\}$. Set $e_c = 7$ and $f_c = 0$.

6. MDL-SAT is NP

In this section, we modify the satisfiability problem MDL-SAT for modular
difference logic in two ways. First, the modulus is a part of the input.
Second, we liberalize the notion of MDL constraints by allowing constraints
in the form of non-strict inequalities of the form

$x + k \le_N y + \ell$, or $x \le_N k$, or $x \ge_N k$,

strict inequalities of the form

$x + k <_N y + \ell$, or $x <_N k$, or $x >_N k$,

as well as equalities of the form

$x + k =_N y + \ell$, or $x =_N k$.

Both modifications make the problem harder and thus make the next theorem
stronger.

Theorem 4. The constraint satisfiability problem MDL-SAT for modular
difference logic is NP.

Proof. Let $S$ be a system of MDL constraints with $p$ variables. Let $m$ be
the maximum of the absolute values of the constants in the $S$ constraints. We
prove that, if $S$ has any solution, then it has a solution where the absolute
values of all variables are $\le (2m + 1)p$. It follows that MDL-SAT is NP.

Suppose that $S$ has a solution $\mathcal{S}$ that maps the variables into the
residues modulo $N$. To simplify the exposition, we extend $S$ with two
additional variables $v_{\min}$, $v_{\max}$ and with two equations
$v_{\min} = 0$, $v_{\max} = -1$. The solution $\mathcal{S}$ extends
appropriately.

We create an auxiliary graph $G_{\mathcal{S}}$. The vertices are the variables
of $S$, and the edges are pairs $\{v, w\}$ such that
$|\mathcal{S}(v) - \mathcal{S}(w)| \le 2m$. Connected components of
$G_{\mathcal{S}}$ will be called clusters. The domain of a cluster $C$ is a
closed interval $[a, b]$. If $v$ is a leftmost variable of $C$ (so that
$\mathcal{S}(v) \le \mathcal{S}(w)$ for any other variable $w \in C$) then
$a = \max\{0, \mathcal{S}(v) - m\}$. And if $v$ is the rightmost variable of
$C$ then $b = \min\{N - 1, \mathcal{S}(v) + m\}$. The domains of different
clusters are disjoint.

The clusters different from those of $v_{\min}$ and $v_{\max}$ will be called
inner. The crucial observation is that inner clusters could be shifted around.
Indeed, consider an inner cluster $C$ with domain $[a, b]$, and let $r$ be the
right end of the domain of the left neighbor of $C$, so that $a > r$. If
$r < a' < a$, shift $C$ leftward for distance $d = a - a'$, that is, modify
assignment $\mathcal{S}$ to an assignment $\mathcal{S}'$ that is like
$\mathcal{S}$ except that $\mathcal{S}'(v) = \mathcal{S}(v) - d$ on the
variables $v$ of $C$. It is easy to see that $\mathcal{S}'$ is a solution for
$S$. In a similar way clusters could be shifted to the right.

Now we are ready to produce the desired small-value solution. If there
are inner clusters, shift the leftmost inner cluster $C_1$ to the left as far
as possible (so that $a' = r + 1$ in the notation of the previous paragraph).
If there are inner clusters to the right of $C_1$, shift the right neighbor
$C_2$ of $C_1$ to the left as far as possible. And so on until all inner
clusters are packed as close as possible on the left side. Let $\mathcal{S}^*$
be the resulting solution. In the rest of the proof, variables represent their
$\mathcal{S}^*$ values.

In addition to $v_{\min} = 0$, there are $\ell \le p$ original variables in the
cluster of $v_{\min}$ and the inner clusters:
$v_0 = v_{\min} \le v_1 \le \cdots \le v_\ell$. Every
$v_{i+1} - v_i \le 2m + 1$. It follows that every
$v_i \le v_\ell \le \ell(2m + 1) \le p(2m + 1)$. A similar argument applies to
the cluster of $v_{\max}$ except that there the distance between neighboring
variables is $\le 2m$. Every variable $v$ there is within distance $2pm$ from
the end, so that $|v| \le 2pm + 1$. That completes the proof. □

Remark 3. We have not used the fact that modulus is a part of the input.
The theorem and the proof remain valid if the modulus is fixed or even if it
is infinite as in Remark 1.